Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/K2GN8Q4wuI9TOv_O5rPOY6UOVuw.roa
File:                     K2GN8Q4wuI9TOv_O5rPOY6UOVuw.roa (raw, json)
Hash identifier:          x81e2mavHKbR2e6iStjfXJXmlwyjRYwbRrSYSDYjLu8=
Subject key identifier:   2B:61:8D:F1:0E:30:B8:8F:53:3A:FF:CE:E6:B3:CE:63:A5:0E:56:EC
Certificate issuer:       /CN=22f344a63dcb70e89057deb8e2761dc45165881a
Certificate serial:       01942747DF48151078FC40A517933A4F334F
Authority key identifier: 22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/K2GN8Q4wuI9TOv_O5rPOY6UOVuw.roa
Signing time:             Thu 02 Jan 2025 13:50:08 +0000
ROA not before:           Thu 02 Jan 2025 13:50:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        85.28.32.0/23 maxlen: 23
                          85.28.34.0/24 maxlen: 24
                          85.28.56.0/22 maxlen: 22
                          85.28.56.0/24 maxlen: 24
                          85.28.58.0/24 maxlen: 24
                          109.238.196.0/23 maxlen: 23
                          109.238.201.0/24 maxlen: 24
                          109.238.202.0/24 maxlen: 24
                          109.238.203.0/24 maxlen: 24
                          109.238.204.0/24 maxlen: 24
                          109.238.206.0/24 maxlen: 24
                          109.238.207.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:df:48:15:10:78:fc:40:a5:17:93:3a:4f:33:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22f344a63dcb70e89057deb8e2761dc45165881a
        Validity
            Not Before: Jan  2 13:50:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2b618df10e30b88f533affcee6b3ce63a50e56ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:ac:02:31:c5:da:2d:16:23:e7:f8:7b:50:e6:
                    cf:38:df:25:a0:28:3a:d1:75:d0:78:ee:a2:36:84:
                    68:1b:a8:97:5e:e0:90:b7:28:76:15:3a:ab:27:28:
                    0b:2a:5e:90:54:9b:48:73:64:23:c8:f5:41:19:d8:
                    e6:b1:7a:3d:ec:fc:7d:0f:68:f6:f0:2c:6b:3d:a6:
                    85:ce:db:6d:1b:e9:59:36:ae:73:03:6b:cc:78:f7:
                    c3:5a:16:35:5d:ed:44:26:be:68:ae:cf:d2:51:e1:
                    b5:95:4f:01:20:d8:90:37:fe:66:e9:fa:3b:a7:a3:
                    7a:16:d9:28:32:86:87:a6:6a:6d:8c:70:11:6b:1f:
                    62:7f:39:4c:1b:9e:a3:f3:15:8f:df:89:ca:0a:b2:
                    80:0f:0a:0f:83:e5:7d:b0:14:e4:b3:0c:92:17:c9:
                    48:24:2f:f4:66:11:c1:f5:8e:65:2b:ee:4b:78:53:
                    8b:a8:90:bd:2c:3c:8f:77:da:14:da:4c:72:b8:05:
                    cd:77:41:2f:0e:88:15:b1:b1:70:cd:a0:9c:c2:10:
                    b9:54:aa:18:69:3c:95:99:79:6e:4e:51:7e:94:55:
                    62:c3:04:d9:03:16:02:60:46:ae:93:38:54:4b:4c:
                    69:48:5e:b3:4a:00:4f:56:bd:9e:64:0e:9a:a3:bf:
                    04:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:61:8D:F1:0E:30:B8:8F:53:3A:FF:CE:E6:B3:CE:63:A5:0E:56:EC
            X509v3 Authority Key Identifier:
                keyid:22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/K2GN8Q4wuI9TOv_O5rPOY6UOVuw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.28.32.0-85.28.34.255
                  85.28.56.0/22
                  109.238.196.0/23
                  109.238.201.0-109.238.204.255
                  109.238.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         87:13:9f:96:62:9f:b4:4c:fd:fc:a8:54:9e:1b:9a:10:f8:53:
         b2:22:87:47:9e:18:46:26:b7:93:88:11:d1:f8:f0:e6:96:01:
         67:64:15:ae:58:b3:06:be:50:df:fa:11:03:9d:37:ae:a6:9c:
         70:2b:10:9d:6b:c4:b6:b0:54:d6:99:dc:d6:b0:b5:b4:54:d6:
         2e:7a:21:4c:92:82:d7:bf:25:94:ea:79:e0:f5:cb:08:fd:2b:
         4b:e5:e4:9f:c2:9d:0f:09:16:9f:d7:6f:5b:a0:1e:6c:21:a6:
         c1:33:96:32:07:fd:bf:79:f3:65:fc:00:ce:e0:42:96:b5:82:
         ae:d2:42:8d:11:eb:e3:24:65:01:ba:f0:cc:88:97:91:90:51:
         f9:0c:6d:53:18:05:83:a0:82:54:14:34:94:fa:84:ba:ea:ef:
         8a:28:22:43:2f:dd:82:62:40:b0:d4:11:69:df:53:6f:06:8e:
         ca:cf:d0:41:06:c5:0f:4e:78:75:05:97:a4:6e:68:be:4e:a1:
         ae:b7:40:14:bc:77:8f:52:83:cf:53:a6:f7:d7:d0:bd:26:cd:
         93:43:84:85:dd:fc:05:cc:ce:b5:0d:f1:7b:3a:bd:88:cc:57:
         de:61:46:41:f5:d7:97:04:b3:ab:f1:eb:28:ec:8e:53:06:22:
         94:d6:73:b8
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZQnR99IFRB4/EClF5M6TzNPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjM0NGE2M2RjYjcwZTg5MDU3ZGViOGUyNzYxZGM0NTE2
NTg4MWEwHhcNMjUwMTAyMTM1MDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjYxOGRmMTBlMzBiODhmNTMzYWZmY2VlNmIzY2U2M2E1MGU1NmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiqwCMcXaLRYj5/h7UObPON8loCg6
0XXQeO6iNoRoG6iXXuCQtyh2FTqrJygLKl6QVJtIc2QjyPVBGdjmsXo97Px9D2j2
8CxrPaaFztttG+lZNq5zA2vMePfDWhY1Xe1EJr5ors/SUeG1lU8BINiQN/5m6fo7
p6N6FtkoMoaHpmptjHARax9ifzlMG56j8xWP34nKCrKADwoPg+V9sBTkswySF8lI
JC/0ZhHB9Y5lK+5LeFOLqJC9LDyPd9oU2kxyuAXNd0EvDogVsbFwzaCcwhC5VKoY
aTyVmXluTlF+lFViwwTZAxYCYEaukzhUS0xpSF6zSgBPVr2eZA6ao78EZwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFCthjfEOMLiPUzr/zuazzmOlDlbsMB8GA1UdIwQY
MBaAFCLzRKY9y3DokFfeuOJ2HcRRZYgaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5Yzct
ZmViYjY0YjVlMTY0LzEvSzJHTjhRNHd1STlUT3ZfTzVyUE9ZNlVPVnV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5YzctZmViYjY0YjVlMTY0
LzEvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuMAwDBAVVHCAD
BABVHCIDBAJVHDgDBAFt7sQwDAMEAG3uyQMEAG3uzAMEAW3uzjANBgkqhkiG9w0B
AQsFAAOCAQEAhxOflmKftEz9/KhUnhuaEPhTsiKHR54YRia3k4gR0fjw5pYBZ2QV
rlizBr5Q3/oRA503rqaccCsQnWvEtrBU1pnc1rC1tFTWLnohTJKC178llOp54PXL
CP0rS+Xkn8KdDwkWn9dvW6AebCGmwTOWMgf9v3nzZfwAzuBClrWCrtJCjRHr4yRl
AbrwzIiXkZBR+QxtUxgFg6CCVBQ0lPqEuurviigiQy/dgmJAsNQRad9TbwaOys/Q
QQbFD054dQWXpG5ovk6hrrdAFLx3j1KDz1Om99fQvSbNk0OEhd38BczOtQ3xezq9
iMxX3mFGQfXXlwSzq/HrKOyOUwYilNZzuA==
-----END CERTIFICATE-----